11 Top Breach and Attack Simulation (BAS) Vendors


Breach and attack simulation (BAS) is a relatively new IT security technology that can automatically spot vulnerabilities in an organization's cyber defenses, akin to continuous, automated penetration testing. The best tools also recommend and prioritize fixes to maximize security staff time and minimize cyber risk.

As with most new technologies, vendors in the BAS market tend to be startups, and many of them are headquartered in Israel, thus creating challenges for early adopters. Once the market begins to mature and get noticed, expect consolidation to follow.

VIDEO: How Breach & Attack Simulation Can Improve Your Security Strategy – Watch this 10-Minute Take with Sean Kerner and Gus Evangelakos from XM Cyber now.

Here are 11 of the top early movers in the BAS market, based in part on Gartner and CyberDB research. For more on our top vendor methodology, click here.

Jump to:


Founded in 2013, AttackIQ is headquartered in San Diego, California, and has raised $14.3 million in funding, according to CrunchBase. The company promises to help companies put on an "offensive defense" with its FireDrill platform. It's an agent-based system that "requires minimal setup time, and few resources to implement." It includes a dashboard for monitoring your ongoing security posture and a project section for running specific attack scenarios.

See our in-depth analysis of AttackIQ's FireDrill platform

Cronus Cyber Technologies

Based in Israel, this startup offers a product called Cybot that it describes as a combination vulnerability management and penetration testing solution. It offers three versions of the product, a standard "pro" version, plus one for enterprises and one for managed security service providers (MSSPs). It was founded in 2014 and has raised $5.7 million in venture funding.

See our in-depth analysis of Cronus Cybot


Founded in 2017, CyCognito is one of the youngest BAS vendors. It offers a SaaS solution that is said to "think like an attacker to uncover and eliminate security blind spots." It attempts to identify the path of least resistance, those that attackers are most likely to exploit. The company is headquartered in Silicon Valley.

See our in-depth analysis of CyCognito's BAS platform


One of several Israel-based startups on the list, Cymulate was named a Gartner Cool Vendor for 2018. It claims that its cloud-based BAS tool takes just five minutes to deploy and starts returning insights two minutes later. Its capabilities include immediate threat alerts, email security, Web gateway, Web application, hopper—lateral movement, endpoint, data exfiltration, phishing and SIEM/SOC assessments.

See our in-depth analysis of Cymulate's BAS platform

GuardiCore Infection Monkey

GuardiCore's primary product is a microsegmentation platform designed for hybrid clouds, but the company also has an open source BAS tool called Infection Monkey. It's a free download, and enterprises can run it continuously if they choose. Building on GuardiCore's area of expertise, it is especially good at detecting lateral movement and assessing the security of hybrid clouds.

See our in-depth analysis of GuardiCore Infection Monkey
See user reviews of GuardiCore Infection Monkey

Picus Security

Picus calls itself the "pioneer of breach and attack simulation technologies" and boasts "many large multinational corporations and government agencies" as customers. It includes modules for continuous HTTP/HTTPS, endpoint and email testing. The company was founded in 2013 and is headquartered in San Francisco with offices in London and Ankara, Turkey (where many of its executives are from).

See our in-depth analysis of Picus Security


SafeBreach holds multiple patents for breach and attack simulation technology and has won multiple awards, including being named a Gartner Cool Vendor for 2017 and a BlackHat Most Innovative Startup in 2016. It offers cloud, network and endpoint simulators that can detect infiltration, lateral movement and data exfiltration. Founded in 2014, it is headquartered in Silicon Valley.

See our in-depth analysis of SafeBreach
See user reviews of SafeBreach


Founded in 2014 by a U.S. Navy veteran who worked in cryptography, this Texas firm claims to be "the leader in breach and attack simulations." It promises to make BAS easy, and unlike many of the other BAS vendors, it is upfront about pricing, which starts at $33 per month for the Pro version. The solution deploys as a standalone app with optional agents available for testing multiple networks simultaneously.

See our in-depth analysis of Threatcare


Based in the Washington, D.C. area, Verodin is on a mission to "help organizations remove assumptions and prove cybersecurity effectiveness with evidence-based data." It calls its BAS product a Security Instrumentation Platform (SIP) and promises to be able to test the defenses for networks, endpoints, email and the cloud. It was founded in 2014 and earlier this year closed a $21 million funding round.

See our in-depth analysis of Verodin Security Instrumentation Platform

IronSDN WhiteHaX

This Silicon Valley startup is somewhat mysterious as details about its headquarters and founding are difficult to find on its website or CrunchBase. It claims to be "the only solution which allows the IT Security team to conduct automated internal verification of their own security infrastructure defenses without impacting any production servers or endpoints." It has versions available for networks, endpoints, PVC (cloud) and MSSPs, as well as a Lite version.

See our in-depth analysis of IronSDN WhiteHaX

XM Cyber

Headquartered near Tel Aviv, XM Cyber was "founded by the highest caliber of security executives from the elite Israel intelligence sector." Its product is called HaXM, and the company says it is "the first APT simulation platform to simulate, validate and remediate attackers’ paths to your critical assets 24×7." It has won multiple awards, including a 2018 Cybersecurity Breakthrough Award, Startup of the Year 2018, 2018 World Economic Forum Technology Pioneer and more.

See our in-depth analysis of XM Cyber HaXM

Open-source BAS Options

In addition to the vendors offering the full-featured products mentioned above, a few other organizations have released open source software which offers some limited breach and attack simulation capabilities. They include Uber with its Metta adversarial simulation tool; AlphaSOC with its FlightSIM tool for generating malicious network traffic; Endgame with its Red Team Automation scripts; and Red Canary with its Atomic Red Team tests.

NameHeadquartersFoundedFundingProduct Description
AttackIQSan Diego, Calif.2013$14.3 M"AttackIQ delivers continuous validation of your enterprise security program so you can find the gaps, strengthen your security posture and exercise your incident response capabilities."
Cronus Cyber TechnologiesHaifa, Israel2014$5.7 M"CyBot is a next-generation vulnerability management tool as well as the world’s first automated pen testing solution, that continuously showcases validated, global, multi-vector, Attack Path Scenarios (APS), so you can focus your time and resources on those vulnerabilities that threaten your critical assets and business processes."
CyCognitoPalo Alto, Calif.2017Unknown"CyCognito’s SaaS platform continuously simulates sophisticated attackers' actual reconnaissance and examination processes across live infrastructure and network assets to provide comprehensive attack surface analysis in real-time."
CymulateRishon Le Zion, Israel2016$3 M"Cymulate comprehensively identifies the security gaps in your infrastructure and provides actionable insights for proper remediation."
GuardicoreTel Aviv, Israel2013$46 M"The Infection Monkey is an open source Breach and Attack Simulation (BAS) tool that assesses the resiliency of private and public cloud environments to post-breach attacks and lateral movement."
Picus SecuritySan Francisco, Calif.2013$200,000"Independent from any vendor or technology, the unparalleled Picus Platform is designed to continuously measure the effectiveness of security defenses by using emerging threat samples in production environments."
SafeBreachSunnyvale, Calif.2014$34 M"Our unique software platform simulates adversary breach methods across the entire kill chain, without impacting users or your infrastructure."
ThreatcareAustin, Texas2014$2.1 M"We help build, measure, and maintain your cybersecurity through powerful breach and attack simulations so you can scale your business."
VerodinMclean, Virg.2014$33.1 M"Verodin is a business platform that provides organizations with the evidence needed to measure, manage and improve their cybersecurity effectiveness."
WhiteHaXSilicon ValleyUnknownUnknown"WhiteHax is a unique multi-appliance, pre & post-infiltration, security-breach simulation platform to allow IT security teams to test the effectiveness of their already deployed security infrastructure."
XM CyberHerzliya, Israel2016$32 M"XM Cyber provides the first fully automated APT Simulation Platform to continuously expose attack vectors, above and below the surface, from breach point to any organizational critical asset."

How Breach & Attack Simulation Can Improve Your Security Strategy – Watch this 10-Minute Take with Sean Kerner and Gus Evangelakos from XM Cyber now.